Le Mar 16 octobre 2007 11:12, Tomas Mraz a écrit :
>
> On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
>> On Mon, 2007-10-15 at 23:31 +0200, Karel Zak wrote:
>> > Couldn't be better to maintain default selinux labels like others
>> > file attributes?
>> >
>> > %attr(4755,root,root) %selinux(foo_t) /bin/foo
>>
>> I was thinking many times why don't we already do it this way. Much
>> more
>> elegant and maintainable than restorecon in scriptlets.
> And how does that take care of updating file_contexts so the labels
> are not lost on the next filesystem relabel?
>From a packager POW, ideally rpm would turn %selinux spec annotations
in a selinux policy file installed at the right place so relabel
works. That's plumbing your typical packager wants no part of.
Regards,
--
Nicolas Mailhot